{ "id": "7c2fbac7-fc9f-4202-bec3-277475d488fa", "created_at": "2026-04-06T00:15:27.549633Z", "updated_at": "2026-04-10T03:31:32.09648Z", "deleted_at": null, "sha1_hash": "68d80b5bd98e70b85cef92203b0029a49dfd9432", "title": "Russia or Ukraine: Hacking groups take sides", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 117273, "plain_text": "Russia or Ukraine: Hacking groups take sides\r\nBy Emma Vail\r\nPublished: 2023-01-17 · Archived: 2026-04-02 11:32:25 UTC\r\nUpdated March 3 at 7:35pm.\r\nRussia’s invasion of Ukraine has taken place both on and offline, blending physical devastation with escalating\r\ndigital warfare. Ransomware gangs and other hacking groups have taken to social media to announce where their\r\nallegiances lie. \r\nThe Record will be tracking who these groups align with, as well as any attacks they launch related to the\r\nconflict. \r\nMany of the pronouncements from these groups include threats against critical government infrastructure. Some\r\ncollectives are state-sponsored while others are decentralized — but all are able to take down computer systems\r\nand breach organizations. \r\n“It is now an inevitable part of any military action that so-called ‘Cyber Patriots’ will engage the perceived enemy\r\neither of their own free will or at the direction of their government. Some of these activities, such as Anonymous\r\nlaunching DDoS attacks, will be nothing more than minor nuisances but others could have real consequences,”\r\nsaid Allan Liska, a ransomware expert at Recorded Future. “Ransomware groups, for example, have more targets\r\nthan they can go after right now and may decide to focus on attacking the enemies of their country to create real\r\ndisruption. And the more skilled groups can have an even greater impact.”\r\nLiska warned that Sandworm and UNC1151 are the most concerning in terms of their capabilities and activity, and\r\nshould be closely monitored.\r\nSiding with Ukraine\r\nAnonymous - United with Ukraine and “officially in a cyber war against the Russian government.” The group\r\nlater tweeted that they targeted Russian-state controlled international television network RT, and “has taken down\r\nthe website of the #Russian propaganda station RT News.” Anonymous is said to be a decentralized hacktivist\r\ngroup that targets different government institutions and government agencies, corporations, and the Church of\r\nScientology. GNG, a hacking group affiliated with Anonymous, has gained access to SberBANK database and\r\nleaked hundreds of data files. Sberbank, Russia’s biggest lender, is now facing failure. NB65 is another affiliate of\r\nAnonymous who Tweeted their support for Ukraine: \"#Anonymous is not alone. NB65 has officially declared\r\ncyber war on Russia as well. You want to invade Ukraine? Good. Face resistance from the entire world.\r\n#UkraineWar All of us are watching. All of us are fighting.”\r\nAs of February 28th, another group under the Anonymous umbrella named DeepNetAnon has joined in the\r\noperations against Russia by attacking and intercepting Russian radio receivers. “The Russians have now taken\r\noffline the second web server hosting a Software-Defined Radio receiver (used to interact with Radio\r\nhttps://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nPage 1 of 6\n\nFrequencies). Too bad there's many more sites we can use. (;” the group tweeted. The collective also announced\r\nthat they have successfully hacked the Ministry of Economic Development of Russia. 1LevelCrew also showed\r\ntheir support for Ukraine and tweeted, “TANGO DOWN - http://pfr.gov.ru - Pension Fund of Russian offline. |\r\n#OpRussia #Anonymous.” Another collective known as HydraUG made a clear statement via Twitter: “Im not\r\nhere to deface/destroy your website, im here to liberate Ukraine.”\r\nThe Anonymous collective is officially in cyber war against the Russian government. #Anonymous\r\n#Ukraine\r\n— Anonymous (@YourAnonOne) February 24, 2022\r\nAs of Wednesday, another affiliate named N3UR0515 took to Twitter to share support and call on YouTube to take\r\ndown Russian propaganda. The group has administered DDoS attacks and taken down ‘ria.ru’ — the Official\r\nRussian Information Website. Joining the Anonymous collective, v0g3ISec announced that they had hacked into\r\nthe Russian Space Research Institute database and leaked files from Roscosmos, though the hack has not been\r\nconfirmed.\r\nGhostsec - Announced their support for Ukraine today: “In support of the people in Ukraine WE STAND BY\r\nYOU!” Also known as Ghost Security, the group considers itself a ‘vigilante’ group and was initially formed to\r\ntarget ISIS websites that preach Islamic extremism. Ghostsec is also commonly referred to as an offshoot of\r\nAnonymous. \r\nIT army of Ukraine - After Ukraine’s deputy prime minister and minister for digital transformation Mykhailo\r\nFedorov enacted the volunteer application, over 175,000 people have subscribed. Many have been tasked with\r\ndistributed denial-of-service attacks against Russian websites including government websites, banks, and energy\r\ncompanies. On February 27, officials also told volunteers to target websites registered in Belarus. Fedorov\r\nreleased the target list. \r\nAgainstTheWest (ATW) - Standing with Ukraine, the group’s Twitter account says, “We’re back in action.\r\nStanding against Russia. Active until Russia stands down.” The group is actively working to breach Russian\r\ninfrastructure including Russian railways and Russian Government contractor \"promen48[.]ru.\" As of March 1,\r\nthe group has issued a new statement for further clarification, “we won’t be collaborating with anonymous.”\r\nFurthermore, “ATW will be splitting into two groups. One for Russia related breaches, one for Chinese related,”\r\nthe group states. ATW accused Anonymous of taking the credit for the work done by ATW: “Anonymous has had\r\na lot of media publicity over the years for hacking, and to see this. It didn’t sit right.” ATW seems to have been\r\nsuspended from Twitter as of March 3.\r\nSHDWsec - Joins the movement to support Ukraine. The group is working in collaboration with ATW and\r\nAnonymous in operations against Russia, “SHDWSec joined forces with @AgainstTheWest_  First stage is now\r\non the roll. Expecting us is too late. Brace for impact. More to come.\"\r\nBelarusian Cyber Partisans - Supporting Ukraine. The activist hacking group successfully accessed the\r\ncomputers that control the Belarusian train system, stopping trains in Minsk and Orsha, as well as in the town of\r\nOsipovichi. The operation was intended to “slow down the transfer” of Belarus-based Russian troops into\r\nUkraine. Over the past year, the hacktivists have worked against the Belarus government and were able to leak\r\nhttps://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nPage 2 of 6\n\ndata of secret police archives, lists of alleged police informants, personal information about top government\r\nofficials and spies, and more.\r\nKelvinSecurity - Announced they stand with Ukraine: “I want to release this to support the digital war against\r\nRUSSIA. I have a list of weapons development documents that I took from a Russian ballistic institute and I also\r\nhave internal videos from RT, and the Russian nuclear institute,” the statement says. The group has been tweeting\r\nevidence of their engagement in cyber operations. \r\nRaidforums Admin - Stands with Ukraine. The group announced: “Raidforums2 is in support of Ukraine.\r\nMembers are actively DDOS Russian websites and attacking Russian infrastructure. We also have reason to\r\nbelieve the Chinese are hacking Ukrainian networks.” Previously labeled as Raidforum, the collective is now\r\noperating as Raidforum2 after having outage and access issues. It is unclear what went wrong with the original\r\nRaidforum.\r\nContiLeaks - Backing Ukraine. The group has exposed infamous ransomware group Conti from the inside out.\r\nSince February 27, following Conti’s statement of Russian support, an account named ContiLeaks leaked\r\nhundreds of files containing internal Conti communications. The informant is believed to be Ukrainian and has\r\ncontinued to leak more and more files as days go by. A more recent data set shows communication depicting the\r\nchaos within Conti. Actor 1 says, “Hi, all VM farms are cleared and deleted, servers are disabled.” Actor 2\r\nresponds, “I deleted all the farms with the shredder and shut down the servers.”   \r\nSecjuice - Stands with Ukraine. This collective is taking a less volatile approach by using open-source intelligence\r\n(OSINT) and psychological operations (PsyOps). At the request of IT army, they are creating a website for\r\nmissing persons within Ukraine as a resource for families. In a tweet on March 2, the group asked for assistance in\r\nensuring the website is hosted on a safe server and not vulnerable to attacks.\r\nSiding with Russia\r\nConti - In full support of Russia — “If anybody will decide to organize a cyberattack or any war activities against\r\nRussia, we are going to use our all possible resources to strike back at the critical infrastructures of an enemy,”\r\nEmsisoft ransomware expert Brett Callow shared in a tweet. The Conti ransomware gang is highly sophisticated\r\nand known for being the first group to weaponize the Log4Shell vulnerability and operate a fully-developed attack\r\nchain. Days after Conti ransomware group announced their support for Russia, an insider who is believed to be\r\nUkrainian, leaked 400 files of internal communications between members of the group. The leaked messages go\r\nback to January 2021. The data was shared with the malware research group VX-Underground. The hacking\r\ncollective leaking Conti information is now being referred to as ContiLeaks.\r\nThe Conti #ransomware operation sides with Russia and threatens attacks on critical infrastructure.\r\npic.twitter.com/L8E7lEW1MJ\r\n— Brett Callow (@BrettCallow) February 25, 2022\r\nMinsk-based group ‘UNC1151’ - Support lies with Russia. The hacking group is commonly regarded as being\r\nstate-sponsored by Belarus and has already been working to compromise the email accounts of Ukrainian military\r\npersonnel. The group’s “‘members are officers of the Ministry of Defence of the Republic of Belarus,’ Ukrainian\r\nhttps://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nPage 3 of 6\n\nofficials added,” as reported by The Record. Facebook (or Meta) has taken down accounts used by UNC1151\r\nwhich targeted Ukrainian officials through Facebook posts that displayed videos that depicted Ukrainian soldiers\r\nas weak. The platform also blocked various phishing domains that were being used to jeopardize Ukrainian\r\naccounts.\r\nZatoichi - Supports Russia through the spread of disinformation via the group's Twitter account. Amongst many\r\nfalse claims, the account stated, “Killnet has already put down the Anonymous website, which announced the start\r\nof a cyber war with the Russian government, the Right Sector website, and the website of the President of\r\nUkraine.”\r\nKillnet — Stands with Russia. The group published a video addressing the people of Russia encouraging them to\r\nnever doubt their country. The video features a hooded figure with a distorted voice claiming to have taken down\r\nthe website belonging to Anonymous. Little is known about the group and it is unclear as to whether the group\r\nexisted previously. \r\nXakNet — Backing Russia. The collective called itself a “team of Russian patriots” in a recent statement and\r\ncriticized Anonymous, “We do not hide behind the mask of abstract ‘Anonymous’.” The announcement concludes\r\nwith a final threat, “For every hack/ddos in our country, similar incidents will occur in Ukraine.”\r\nStormous Ransomware - The collective stands with Russia after they publicly announced, “The STORMOUS\r\nteam has officially announced its support for the Russian governments. And if any party in different parts of the\r\nworld decides to organize a cyber-attack or cyber-attacks against Russia, we will be in the right direction and will\r\nmake all our efforts to abandon the supplication of the West, especially the infrastructure. Perhaps the hacking\r\noperation that our team carried out for the government of Ukraine and a Ukrainian airline was just a simple\r\noperation but what is coming will be bigger!!” The group has been around since the beginning of 2022 and is\r\nbelieved to be financially motivated. Their messages are in Arabic. More recently on March 1, the group issued a\r\nwarning against “western unions” and more specifically companies in the U.S., after being attacked by\r\nunspecified U.S. companies causing their site to be shut down.\r\nDigital Cobra Gang (DCG) - Supports Russia. Another group has stated their allegiance with Russia in a public\r\nstatement that reads, “DIGITAL COBRA GANG DCG has officially declared cyber war on hackers who attacking\r\nRussia as well and to protect justice. Do you want to invade Russia? Taste the good from the whole WORLD\r\n#Ukrainewar #Russia We fight for the Good, 10m deaths and 50 wars Russia? NO!” The group entered the cyber\r\nwar via Twitter on February 27th. The most recent update declares their use of a ‘secret weapon.’ “We set many\r\ntraps so we have wired 27.918 computers from the guys who attacking Russia and we are ready to drop our secret\r\nweapon.”\r\nFreecivilian - United with Russia. The group is reportedly advertising stolen data from 50 different Ukrainian\r\ngovernment websites from a February 23 attack. The attacks on the websites included displayed defacement\r\nmessages that were almost identical to messages from a January 15 attack linked to UNC1151. Although claiming\r\nto be an independent cybercriminal, many suspect the group is linked to nation-state actors.\r\nSandWorm - Backed by Russia. The group, known for its recent malware called Cyclops Blinks, is comprised of\r\nRussian state-sponsored hackers. The malware was first deployed in June 2019 and “has been primarily detected\r\nhttps://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nPage 4 of 6\n\ntargeting WatchGuard Firebox firewalls, but they don’t exclude having the ability to infect other types of\r\nnetworking equipment too,” Catalin Cimpanu reported for The Record. \r\nThe Red Bandits - Stands with Russia. On February 22, the group tweeted, “We've hijacked the @UkrainePolice\r\nDashcams and have been watching them. If Ukraine does not do what #Russia wants we will escalate our attacks\r\nagainst Ukraine to involve panic scares. We will also consider distributing #ransomeware in #UkraineRussiaCrisis\r\n#RussiaUcraina #Ukraine.” The collective self-identifies as a cybercrime group from Russia, however, it is widely\r\nspeculated to in fact be Russian Intelligence.\r\nSince their original statement, the group seems to be wavering in its threats against Ukraine. The group tweeted on\r\nMarch 1: “We want everyone from #Ukraine to read this: We stand strongly with citizens of #Ukraine and that’s\r\nwhy we have not attacked anything other than their government. We also have not given a percentage of intel we\r\nhave against Ukraine,” the tweet continues in a long thread. “We do not respect Putin as a #leader of #Russia but\r\nwe respect him as a citizen of #Russia as we support every citizen. We do not agree with his unpeaceful actions\r\nagainst #Ukraine as an operation.” The statement continues in a later post, “Please understand, we're not going to\r\nstop defending our country. We will not surrender because of reasons but we will not attack first, we'll defend\r\nattack meaning you guys hack Russia a few times we hack back. Simple, please understand we see #Ukraine\r\ncitizens as family.”\r\nThe group’s messages have become increasingly ambiguous and ominous, and they tweeted — hours after\r\nclaiming to be family with Ukrainians — a job application for those experienced with breaching networks. On\r\nWednesday, March 2 they tweeted, “We seen a chance to make millions, we're going to take that chance.”\r\nCoomingproject - Sides with Russia. The international hacker group announced today in a statement, “Hello\r\neveryone this is a message we will help the Russian government if cyber attacks and conduct against Russia.” The\r\ngang is linked to the 2021 data breach and leak of the South African National Space Agency.\r\nThe domino effect of hacker announcements prompted Ukraine’s Defense Ministry to send a message to the\r\nUkrainian underground hacker community. The message was a call-to-action encouraging Ukrainian hackers to\r\nassemble in a mission to protect the nation’s critical infrastructure from cyberattacks and act offensively against\r\nRussia in cyber espionage operations. Although requested by the Defense Ministry, the message was published by\r\nYegor Aushev, the founder of Cyber Unit Technologies, who provided an application for those in the hacker\r\ncommunity to apply.\r\nEmma Vail\r\nhttps://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nPage 5 of 6\n\nEmma Vail is an editorial intern for The Record. She is currently studying anthropology and women, gender, and\r\nsexuality at Northeastern University. After creating her own blog in 2018, she decided to pursue journalism and\r\nfurther her experience by joining the team.\r\nSource: https://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nhttps://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49\r\nPage 6 of 6", "extraction_quality": 1, "language": "EN", "sources": [ "MISPGALAXY", "Malpedia" ], "references": [ "https://therecord.media/russia-or-ukraine-hacking-groups-take-sides/?msclkid=235244a7ba6611ec92f21c9bd3b8ee49" ], "report_names": [ "?msclkid=235244a7ba6611ec92f21c9bd3b8ee49" ], "threat_actors": [ { "id": "67bf0462-41a3-4da5-b876-187e9ef7c375", "created_at": "2022-10-25T16:07:23.44832Z", "updated_at": "2026-04-10T02:00:04.607111Z", "deleted_at": null, "main_name": "Careto", "aliases": [ "Careto", "The Mask", "Ugly Face" ], "source_name": "ETDA:Careto", "tools": [ "Careto" ], "source_id": "ETDA", "reports": null }, { "id": "f547e816-ea17-442e-915d-c5c76a30669b", "created_at": "2022-10-25T16:07:23.891717Z", "updated_at": "2026-04-10T02:00:04.780944Z", "deleted_at": null, "main_name": "NB65", "aliases": [], "source_name": "ETDA:NB65", "tools": [ "NB65" ], "source_id": "ETDA", "reports": null }, { "id": "f29188d8-2750-4099-9199-09a516c58314", "created_at": "2025-08-07T02:03:25.068489Z", "updated_at": "2026-04-10T02:00:03.827361Z", "deleted_at": null, "main_name": "MOONSCAPE", "aliases": [ "TA445 ", "UAC-0051 ", "UNC1151 " ], "source_name": "Secureworks:MOONSCAPE", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "4f472ea8-b147-486d-8533-88f8036343a6", "created_at": "2024-01-23T13:22:35.081084Z", "updated_at": "2026-04-10T02:00:03.520098Z", "deleted_at": null, "main_name": "Cyber Partisans", "aliases": [], "source_name": "MISPGALAXY:Cyber Partisans", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "0bce7575-ba34-4742-afb7-a4d3ade12dbe", "created_at": "2023-11-14T02:00:07.091122Z", "updated_at": "2026-04-10T02:00:03.448867Z", "deleted_at": null, "main_name": "XakNet", "aliases": [ "UAC-0100", "UAC-0106" ], "source_name": "MISPGALAXY:XakNet", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "8754f54b-7154-4996-b065-94f04f846022", "created_at": "2023-11-07T02:00:07.095161Z", "updated_at": "2026-04-10T02:00:03.405596Z", "deleted_at": null, "main_name": "NB65", "aliases": [ "Network Battalion 65" ], "source_name": "MISPGALAXY:NB65", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "93b7776d-9b37-496d-94a5-30bc36fd8800", "created_at": "2023-11-07T02:00:07.10019Z", "updated_at": "2026-04-10T02:00:03.407781Z", "deleted_at": null, "main_name": "GhostSec", "aliases": [ "Ghost Security" ], "source_name": "MISPGALAXY:GhostSec", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "119c8bea-816e-4799-942b-ff375026671e", "created_at": "2022-10-25T16:07:23.957309Z", "updated_at": "2026-04-10T02:00:04.807212Z", "deleted_at": null, "main_name": "Operation Ghostwriter", "aliases": [ "DEV-0257", "Operation Asylum Ambuscade", "PUSHCHA", "Storm-0257", "TA445", "UAC-0051", "UAC-0057", "UNC1151", "White Lynx" ], "source_name": "ETDA:Operation Ghostwriter", "tools": [ "Agentemis", "Cobalt Strike", "CobaltStrike", "HALFSHELL", "Impacket", "RADIOSTAR", "VIDEOKILLER", "cobeacon" ], "source_id": "ETDA", "reports": null }, { "id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df", "created_at": "2023-01-06T13:46:38.402513Z", "updated_at": "2026-04-10T02:00:02.959797Z", "deleted_at": null, "main_name": "Sandworm", "aliases": [ "IRIDIUM", "Blue Echidna", "VOODOO BEAR", "FROZENBARENTS", "UAC-0113", "Seashell Blizzard", "UAC-0082", "APT44", "Quedagh", "TEMP.Noble", "IRON VIKING", "G0034", "ELECTRUM", "TeleBots" ], "source_name": "MISPGALAXY:Sandworm", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "05b0c294-6e79-4d58-8291-73d2c1c7d9bd", "created_at": "2024-06-25T02:00:05.048321Z", "updated_at": "2026-04-10T02:00:03.665219Z", "deleted_at": null, "main_name": "BlueHornet", "aliases": [ "APT49", "AgainstTheWest" ], "source_name": "MISPGALAXY:BlueHornet", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "7bd810cb-d674-4763-86eb-2cc182d24ea0", "created_at": "2022-10-25T16:07:24.1537Z", "updated_at": "2026-04-10T02:00:04.883793Z", "deleted_at": null, "main_name": "Sandworm Team", "aliases": [ "APT 44", "ATK 14", "BE2", "Blue Echidna", "CTG-7263", "FROZENBARENTS", "G0034", "Grey Tornado", "IRIDIUM", "Iron Viking", "Quedagh", "Razing Ursa", "Sandworm", "Sandworm Team", "Seashell Blizzard", "TEMP.Noble", "UAC-0082", "UAC-0113", "UAC-0125", "UAC-0133", "Voodoo Bear" ], "source_name": "ETDA:Sandworm Team", "tools": [ "AWFULSHRED", "ArguePatch", "BIASBOAT", "Black Energy", "BlackEnergy", "CaddyWiper", "Colibri Loader", "Cyclops Blink", "CyclopsBlink", "DCRat", "DarkCrystal RAT", "Fobushell", "GOSSIPFLOW", "Gcat", "IcyWell", "Industroyer2", "JaguarBlade", "JuicyPotato", "Kapeka", "KillDisk.NCX", "LOADGRIP", "LOLBAS", "LOLBins", "Living off the Land", "ORCSHRED", "P.A.S.", "PassKillDisk", "Pitvotnacci", "PsList", "QUEUESEED", "RansomBoggs", "RottenPotato", "SOLOSHRED", "SwiftSlicer", "VPNFilter", "Warzone", "Warzone RAT", "Weevly" ], "source_id": "ETDA", "reports": null }, { "id": "b4a6d558-3cba-499c-b58a-f15d65b7a604", "created_at": "2023-01-06T13:46:39.346924Z", "updated_at": "2026-04-10T02:00:03.295317Z", "deleted_at": null, "main_name": "Killnet", "aliases": [], "source_name": "MISPGALAXY:Killnet", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "f5bf6853-3f6e-452c-a7b7-8f81c9a27476", "created_at": "2023-01-06T13:46:38.677391Z", "updated_at": "2026-04-10T02:00:03.064818Z", "deleted_at": null, "main_name": "Careto", "aliases": [ "The Mask", "Ugly Face" ], "source_name": "MISPGALAXY:Careto", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "8a33d3ac-14ba-441c-92c1-39975e9e1a73", "created_at": "2023-01-06T13:46:39.195689Z", "updated_at": "2026-04-10T02:00:03.243054Z", "deleted_at": null, "main_name": "Ghostwriter", "aliases": [ "UAC-0057", "UNC1151", "TA445", "PUSHCHA", "Storm-0257", "DEV-0257" ], "source_name": "MISPGALAXY:Ghostwriter", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "63f532e6-4b4a-4f17-bbff-8517f0dd1868", "created_at": "2024-01-09T02:00:04.192588Z", "updated_at": "2026-04-10T02:00:03.507424Z", "deleted_at": null, "main_name": "KelvinSecurity", "aliases": [], "source_name": "MISPGALAXY:KelvinSecurity", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434527, "ts_updated_at": 1775791892, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/68d80b5bd98e70b85cef92203b0029a49dfd9432.pdf", "text": "https://archive.orkl.eu/68d80b5bd98e70b85cef92203b0029a49dfd9432.txt", "img": "https://archive.orkl.eu/68d80b5bd98e70b85cef92203b0029a49dfd9432.jpg" } }